
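Graduate student: Hsieh, Chou-Ting (謝周廷)
Thesis title: An Adaptive Cross-Layer Design Approach for Network Security Management
Advisor: Kuo, Yau-Hwang (郭耀煌)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2009
Academic year of graduation: 97
Language: English
Number of pages: 75
Keywords (Chinese): security quantification, security algorithm composition, security requirement, cross-layer design
Keywords (foreign language): Cross-Layer Design, security requirement, security quantification, security composition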
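  • With advances in network technology, a large number of network application services have become part of everyday life, and maintaining network security has become increasingly important. In the traditional layered network architecture, each network layer provides a variety of security algorithms to protect the network. However, executing these security algorithms places a heavy burden on system performance. How to maintain network security while preserving system performance is therefore an important issue.
    In this thesis, we adopt a cross-layer design approach to manage network security, integrating the security algorithms provided by each network layer to satisfy the user's security requirement while maintaining system performance. First, for each network service type, we analyze the importance of each security dimension according to the security threats that service type may face. Second, we quantify the security and performance of each security algorithm according to the time required to crack it and to execute it. Finally, through cross-layer design, together with the above quantification and analysis results and the user-defined security requirement, we select a suitable cross-layer composition of security algorithms that both meets the user's security requirement and preserves system performance.
    Using simulation data, we show that, across different network service types and network environments, the cross-layer network security management approach proposed in this thesis not only meets the security requirement but also improves system performance.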

    With the development of network technology, more and more network services are provided in our daily life, and protecting network security is therefore becoming increasingly important. In the traditional hierarchical network architecture, many kinds of security algorithms are performed in each layer separately to protect network security. However, performing security algorithms causes huge overheads on system performance. Thus it is difficult to protect network security and maintain system performance at the same time.
    In this thesis, we manage network security by using the Cross-Layer Design (CLD) technique. By integrating the security algorithms provided in the layers, we fulfill the user-demand security requirement and maintain system performance. First, we analyze the importance of the security dimensions in different network services according to potential security threats. Next, we quantify the security and performance of security algorithms by their cracking time and execution time. Then, by using the Cross-Layer Design approach together with these analyses and quantified results, we derive a suitable Cross-Layer security composition that satisfies the user-demand security requirement and maintains system performance.
    Finally, according to the simulation results, we show that the derived security composition not only fulfills the user-demand security requirement but also improves system performance in different network services and environments.

    LIST OF TABLES
    LIST OF FIGURES
    CHAPTER 1 INTRODUCTION
      1.1 MOTIVATION
      1.2 ADVANTAGES OF THIS APPROACH
      1.3 ORGANIZATION OF THIS THESIS
    CHAPTER 2 BACKGROUND
      2.1 CROSS-LAYER DESIGN
        2.1.1 TCP/IP Model
        2.1.2 CLD Architecture
      2.2 SECURITY ARCHITECTURE IN X.805
        2.2.1 Security Dimension
        2.2.2 Security Layer
        2.2.3 Security Plane
      2.3 SECURITY ALGORITHM
      2.4 SECURITY PROTOCOL
        2.4.1 Transport Layer Security
        2.4.2 Network Layer Security
        2.4.3 Data Link Layer Security
    CHAPTER 3 CROSS-LAYER DESIGN SECURITY MANAGEMENT
      3.1 SYSTEM ARCHITECTURE
      3.2 SECURITY REQUIREMENT
        3.2.1 Service Type
        3.2.2 Security Threats
        3.2.3 Calculating the Security Requirement
      3.3 SECURITY QUANTIFICATION
        3.3.1 Security Metric
        3.3.2 Security Margin
        3.3.3 Calculating the Cracking Year
      3.4 SYSTEM CONTROL PROCEDURE
        3.4.1 Preparation and User Configure
        3.4.2 Selection Scheme
        3.4.3 Composition Mechanism
      3.5 DYNAMIC ENVIRONMENT SECURITY CONTROL
    CHAPTER 4 SIMULATION RESULTS
      4.1 CROSS-LAYER DESIGN SECURITY MANAGEMENT
      4.2 SPECIAL SCENARIO
    CHAPTER 5 CONCLUSION AND FUTURE WORK
      5.1 CONCLUSION
      5.2 FUTURE WORK
    REFERENCES


    On campus: publicly available from 2010-08-26
    Off campus: publicly available from 2010-08-26